
Ever since Edward Snowden began to leak details on the mass surveillance programs of the NSA and other government agencies, there’s been an ongoing debate over the nature and limits that should be placed on such surveillance. One of the most troubling trends exposed in repeated leaks is the degree to which the government has exceeded the enormous authority granted it by the Patriot Act and other legislation. New information, available today, is going to reignite that argument. Days after the Senate voted to reauthorize the Patriot Act with some modest modifications, details have leaked on how the Obama Administration authorized the NSA to search the Internet for evidence of malicious hacking, even when there were no obvious ties between the alleged hackers and any international groups.

According to a joint investigation between the New York Times and ProPublica, the Justice Department authorized the NSA to hunt for hackers without a warrant, even when those hackers were present on American soil. Initially, the DOJ authorized the NSA to gather only addresses and “cybersignatures” that corresponded to computer intrusions, so that it could tie the efforts to specific foreign governments. The NSA, however, sought permission to push this envelope. These new slides also note, incidentally, that Dropbox was targeted for addition to the PRISM program.

These practices date back to at least 2011, when the Foreign Intelligence Surveillance Court (FISC, sometimes called the FISA Court) authorized the FBI to begin using NSA resources in pursuing foreign-based hackers. Data the NSA gathered on behalf of the FBI was to be routed to the FBI’s own repositories. As with previous controversial orders, it’s not clear what the criteria are for a target being “suspicious,” or what ties or evidence are gathered to link a specific individual to hacking attempts before warrantless surveillance is called in. Monitoring hackers also means monitoring what hackers are hacking — which means that the data stolen off US servers is being dumped back to the NSA. What happens to that data? It’s not clear — and the NSA’s ability to accurately identify the difference between friends and enemies has been repeatedly called into question, including by the FISA court itself.

Brian Hale, the spokesman for the Office of the Director of National Intelligence, told the New York Times, “It should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.” He added that “targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose.”

Few would argue that the US government doesn’t have an obligation to protect its citizens, including protecting them from unlawful cyberattacks. The problem with these programs is that there’s been no public debate on their scope, nature, or design. Three years ago, the Obama Administration began allowing the NSA to search communication streams to monitor IP addresses or computer code that it deems “harmful.”

Prior to 9/11, it was illegal for criminal investigators and intelligence officials to share information on specific suspects. In the wake of 9/11, the government dismantled this protection, arguing that it would impede the investigation of terrorists. Once it had approval to gather information on cybersecurity targets, the NSA quickly began complaining that rules requiring it to tie those targets to foreign governments were too restrictive and too difficult. Some of the provisions of the Patriot Act have been ruled unable to justify mass wiretapping, but there is no word on how that case will progress from here.

So, now we know that the NSA and FBI have been gathering data directly on US citizens without a warrant and that the NSA intercepts at least some hacked data even as attackers retrieve it. These are significant changes of policy and legal interpretation that have not been discussed, debated, or disclosed. Last February, Obama spoke on the need for increased transparency and accountability, saying:

“People, rightly, ask, well, what safeguards do we have against government intruding on our own privacy? And it’s hard, and it constantly evolves because the technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it.”

Former head of the NSA, General Keith Alexander

“Open debate,” apparently, is just another phrase that means something very different to politicians than to the rest of us. Former head of the NSA General Keith Alexander never revealed the NSA had these powers when he lobbied for greater authority and capability in this area. In point of fact, Alexander may have deliberately lied. According to The Intercept, the NSA director said the following at a March, 2014 conference: “An attack on Wall Street or an exploit going against Wall Street — NSA and Cyber Command would probably not see that. We have no capability there. Against everything that’s been said, the fact is we don’t have the ability to see it.”
